Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system -
submitted
25/08/2024, 07:04
Static task
static1
Behavioral task
behavioral1
Sample
c033fa0f5158ed4cbd839b6655ba5e84_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c033fa0f5158ed4cbd839b6655ba5e84_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c033fa0f5158ed4cbd839b6655ba5e84_JaffaCakes118.html
-
Size
23KB
-
MD5
c033fa0f5158ed4cbd839b6655ba5e84
-
SHA1
5281c40f8a8710f87857beb93de3701df2378aa9
-
SHA256
24993c820814aa52e53573c183690969223ac8ba3b59fa02b73f8f2fb5ec247e
-
SHA512
5d9b772de447e889eaff739ec4ec47f1491c22cce03d3128b4a769368a4e704a6a6eb82905c2188065fce2e4a186671149fe88ad36a254a50278466ef2f19f17
-
SSDEEP
192:uWbsb5n1SjcnQjxn5Q/VnQiegNnMXInQOkEntbHnQTbnpnQ6CnQtawMBAqnYnQ7r:dQ/2Qx
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{564D85F1-62B0-11EF-ACB8-4605CC5911A3} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430731365" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2096 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2096 | iexplore.exe
2096 | iexplore.exe
2856 | IEXPLORE.EXE
2856 | IEXPLORE.EXE
2856 | IEXPLORE.EXE
2856 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2096 wrote to memory of 2856 | 2096 | iexplore.exe | 30
PID 2096 wrote to memory of 2856 | 2096 | iexplore.exe | 30
PID 2096 wrote to memory of 2856 | 2096 | iexplore.exe | 30
PID 2096 wrote to memory of 2856 | 2096 | iexplore.exe | 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c033fa0f5158ed4cbd839b6655ba5e84_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096
-
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2096)
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2856
-
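The two behaviours the signatures and process tree above record, worked through as an added triage example (this is not part of the sandbox report and not any vendor's tooling): the NLS\Language read behind "System Location Discovery: System Language Discovery", and the iexplore.exe -> IEXPLORE.EXE WriteProcessMemory calls. The IE frame process starts each content process with SCODEF:<frame pid> on its command line and routinely writes into it, so a write whose target names the writer in SCODEF is the broker model at work, while a write that does not fit that shape is what genuine cross-process injection looks like. The event records are constructed from the report; the parent-PID field, the helper names and the verdict labels are assumptions of this example.

```python
r"""
Triage helper for the IE behaviours listed in this report (added example; not
part of the sandbox output or any vendor's code).

Records are constructed from the process tree and signatures above; the
`parent` field is inferred from the tree nesting (assumption).
"""
import re
from dataclasses import dataclass
from typing import Optional

# "Key opened" on a path ending like this is the System Language Discovery hit.
LANGUAGE_KEY_SUFFIXES = (r"\Control\NLS\Language",)

SCODEF_RE = re.compile(r"SCODEF:(\d+)", re.IGNORECASE)
SID = r"\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000"


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]


@dataclass(frozen=True)
class RegistryOp:
    op: str        # "Key opened", "Key created", "Set value (int)", ...
    path: str
    pid: int


@dataclass(frozen=True)
class MemoryWrite:
    writer: int
    target: int


# Constructed from the report's process tree.
PROCESSES = {
    2096: Process(2096, "iexplore.exe",
                  r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                  r'C:\Users\Admin\AppData\Local\Temp\c033fa0f5158ed4cbd839b6655ba5e84_JaffaCakes118.html',
                  None),
    2856: Process(2856, "IEXPLORE.EXE",
                  r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2',
                  2096),
}

# A representative subset of the registry IoCs above (constructed sample).
REGISTRY_OPS = [
    RegistryOp("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", 2856),
    RegistryOp("Key created", SID + r"\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery", 2096),
    RegistryOp("Set value (int)", SID + r"\Software\Microsoft\Internet Explorer\International\CpMRU\Enable", 2856),
]

# The four identical WriteProcessMemory IoCs in the report.
MEMORY_WRITES = [MemoryWrite(2096, 2856)] * 4


def language_discovery(ops):
    r"""PIDs that opened an NLS\Language key (System Language Discovery)."""
    suffixes = tuple(s.upper() for s in LANGUAGE_KEY_SUFFIXES)
    return sorted({op.pid for op in ops
                   if op.op == "Key opened" and op.path.upper().endswith(suffixes)})


def classify_memory_write(write, processes):
    """
    'ie-broker'       writer and target are both IE images and the target's
                      SCODEF value is the writer's PID (frame -> content process)
    'unexpected'      any other shape, e.g. a content process writing back into
                      the frame, or a non-IE writer targeting an IE process
    'unknown-process' a PID the process list does not know
    """
    writer = processes.get(write.writer)
    target = processes.get(write.target)
    if writer is None or target is None:
        return "unknown-process"
    both_ie = (writer.image.lower() == "iexplore.exe"
               and target.image.lower() == "iexplore.exe")
    m = SCODEF_RE.search(target.cmdline)
    if both_ie and m and int(m.group(1)) == write.writer:
        return "ie-broker"
    return "unexpected"


def ie_settings_writes(ops):
    r"""Count of registry ops under HKU\...\Software\Microsoft\Internet Explorer, per PID."""
    counts = {}
    for op in ops:
        if r"\Software\Microsoft\Internet Explorer" in op.path:
            counts[op.pid] = counts.get(op.pid, 0) + 1
    return counts


def triage(processes, ops, writes):
    """Summarise the signatures into verdicts a reviewer can act on."""
    verdicts = [classify_memory_write(w, processes) for w in writes]
    return {
        "language_discovery_pids": language_discovery(ops),
        "ie_settings_writes": ie_settings_writes(ops),
        "memory_writes": {v: verdicts.count(v) for v in set(verdicts)},
        "needs_review": any(v != "ie-broker" for v in verdicts),
    }


if __name__ == "__main__":
    print(triage(PROCESSES, REGISTRY_OPS, MEMORY_WRITES))
    # A constructed counter-example: the content process writing into the frame.
    print(classify_memory_write(MemoryWrite(2856, 2096), PROCESSES))
```

For this report the four writes all classify as the broker pattern and the language read comes from the content process, which is consistent with IE loading a local HTML file; the check earns its keep when a write appears whose target does not carry the writer's PID in SCODEF.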
Network
MITRE ATT&CK Enterprise v15
Downloads
-
The nine entries below are successive versions of one CryptoAPI URL-cache metadata file (CryptnetUrlCache is written when CryptoAPI fetches or refreshes CRLs, AIA certificates and OCSP responses during certificate chain validation), which is why the same path appears with nine different hashes. They are cryptographic-service artifacts, not content fetched by the page itself.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 6970c87fa8be215bbc5814e9f809b9ce
SHA1 b86fcf9ab444e29e8331fe36ff27386ebf8f21ef
SHA256 7439475b6a5ad189c57a95c49e86c080475899969efe7878b30dec11ceecf3e1
SHA512 ead690253575c3d0f6eaae2711a6ee719ea62cca75ffecf975c99a36130a8fcb6ee8c8f9a34fac6fd1a9a1152a4a1fc5ccc2da6bc4293a5ee4aed76542a57116
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 e42b78a5e03c445583f287b7feaa290a
SHA1 0b1dae0911deb9064eb6cd122aff3b22875dae35
SHA256 ccfb57bcea87fde26d030364d22bb33566d8c09050c7ab0c5a939547708210c0
SHA512 59869426287830f62ef39952e0374acacf7a11e6c2ae16115ee246abd311a5bb305393f967142964668d8dd241b28843e0a02f878c46c5ce736051d9bd42a07e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 84f2c376844fa2ebeeededba21b52473
SHA1 d6ee0cbb77db0c4acad96978fd5144b1635f478c
SHA256 999087c8830a1c24db8d5f8089b01ec963d96c2a3b51814efea50747722a5b2f
SHA512 2c5a305f8feed217e39699cf63dba641866ac936472f400a5aa8a3cf56ddb22d46f5822f759d00ba4f977f54dcafe3546eba0915f1c1f53e34607b4052c97ed3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 e86f365beea540ef8549f7b65dc8eb25
SHA1 957d4c47a74e10608ddad919e3ec516281ef3eeb
SHA256 324027c366f63e4698077f4b0119baa1c5f0afe35161e9a9a64535681460d07d
SHA512 eb66addaf04cf32cd05b57d22d8224c94681796dbb8d83d61930bc7fbe6d868ead85a449302f142cff75a6eda3b55f94f496290e46b17516aa5b8dd659bf0cc5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 8279c16eaacf3ad7ad6c2d909b4c8cb8
SHA1 a7a972afb9c994f35e633d7724d8be80e19adfb1
SHA256 827438c80ca17426ae22f6cf0913a4523b5ce0cef9c1f13e8829755cea537695
SHA512 3e5df0c9701cfa5672f43b60cf44c25e16632cb70827d644cc52f43ab28b91b18860f0c9bf4376952ee7e3ace41fb955c3ba80e5c57c56d2ede605f21b934b28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 83630a9f25f049c0cf817135de4b21b5
SHA1 5f824c64d37a917abbcf0b4d64a6418be90de29e
SHA256 4e217695ad2fb4ca2160b54e7d7c1fc36a5e4b11e4cbe208b82b3be107b3d643
SHA512 66d300596995a32e7d462d74d758b11d18a1e9665bf8486800da8b0968b10f5fce5d14f7f1a1f5a432d9117ca9e4ba762b9f5df2d7f0c49b5f02a760cf6a930f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 54c8ddcd485f257e903714a1efce6dc3
SHA1 f95849ff7908ae47761a7517accabf7b1f62ffed
SHA256 4232f63344cac00be6a3a437a60b1d7c44ff6ed70ec29716f5cdde09bfc93616
SHA512 2505096daafe420308254d6644137b113a691fb9221daee15d706498d2ee298c842ea12a6b92c0406ab96ce65275b9961f013442f708a302d03b3429db2f14a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 aeecad1d455f69869e57ede7f2287c51
SHA1 a0820ec206e0a37096f024ca6697a39982d68fdf
SHA256 95b413b5584d574a65a9daff0d925877b41151d20cad2cdd58c23491e020e58d
SHA512 6f6f4ba3ac5a417ac0e7e044bfcd5af4eb7c91cfd2b56f67dfa3f4a7f70abf54cff8eca0b1ddebd48bfcc32cf8313bb9c51c6be62450dd52b7252d2d328f0863
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 304B
MD5 e935ebd80b23041ebc96a3b484c95047
SHA1 bba99a9d18c538b7023eb89be76f91e32fd33288
SHA256 926d8acdca568c997512baba16a40864237afa3fb22f66de66f87515f7580fee
SHA512 44c22ce09bc039562bd228efe104139e9822b71a0a97abc8ff5d8fdae822a950a2ede513512cebb649f58bfa813b6919e318f0562c717def24c3e85eae278352
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b